Five Things You Need to Know About Ransomware

Ransomware attacks are on the rise, and the results can be devastating.

According to PwC’s 2016 Irish Economic Crime survey, more than 34% of Irish businesses had experienced economic crime in the previous two years, with cybercrime accounting for 44% of all reported incidents. Yet while viruses, spyware and malware grab most of the headlines, a different, arguably more nefarious threat is on the rise: ransomware.

Research from McAfee’s 2016 White Paper – ‘Understanding Ransomware and Strategies to Defeat It’ – shows that this method of attacking companies and obtaining their money is becoming increasingly common. Here are five things every business should know.

1. What it is

As its name suggests, ransomware involves withholding an asset until a ransom has been paid. When that asset is digital, however, the method is more complicated and involves encrypting a company’s data until funds have been received. It involves six steps:

Distribution of ransomware program: this might be contained in an email attachment, a compromised website, or a USB drive.

Infection: the program then arrives on a user’s computer and starts to work.

Communication: the program talks to encryption-key servers to retrieve a public key needed to encrypt data.

File search: the program then searches for the files to encrypt, for example docx, xlsx.

Encryption: the ransomware program moves and renames the targeted files, then encrypts them, locating them on the encryption server.

Ransom demand: this is typically done by taking over the screen of the infected computer and demanding payment. At this point, the user decides whether to pay the ransom, hoping to receive a key that can unlock the data.
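
The file-search and encryption steps are where this sequence is most visible to a defender. As an added example (not taken from the article or from McAfee's paper), the Python below flags any process that, within a short window, rewrites several .docx or .xlsx files so that they lose the ZIP header those formats always start with. The event fields, thresholds, process names and sample events are assumptions constructed for illustration.

```python
import os.path
from collections import defaultdict, deque

ZIP_MAGIC = b"PK\x03\x04"          # .docx and .xlsx files are ZIP containers
TARGET_EXTS = {".docx", ".xlsx"}   # the file types the article names
WINDOW_S, THRESHOLD = 60, 3        # assumed tuning: 3 hits within 60 seconds

def is_suspicious(ev):
    """A targeted document was rewritten and lost its ZIP header."""
    old_ext = os.path.splitext(ev["old"])[1].lower()
    return old_ext in TARGET_EXTS and not ev["head"].startswith(ZIP_MAGIC)

def detect(events):
    """Return {process: time of first alert} for bursts of suspicious rewrites."""
    recent, alerts = defaultdict(deque), {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not is_suspicious(ev):
            continue
        hits = recent[ev["proc"]]
        hits.append(ev["ts"])
        while ev["ts"] - hits[0] > WINDOW_S:   # drop hits outside the window
            hits.popleft()
        if len(hits) >= THRESHOLD:
            alerts.setdefault(ev["proc"], ev["ts"])
    return alerts

def event(ts, proc, old, new, head):
    # "new" is kept for the analyst; detection ignores it because the
    # new file name may itself be unrecognisable.
    return {"ts": ts, "proc": proc, "old": old, "new": new, "head": head}

# Constructed sample events (not real telemetry). "head" is the first bytes
# of the file after the write; process and file names are made up.
SAMPLE_EVENTS = [
    event(0, "winword.exe", "report.docx", "report.docx", ZIP_MAGIC + b"\x14\x00"),
    event(5, "sync.exe", "notes.txt", "notes.txt", b"hello"),
    event(10, "updater.exe", "q1.xlsx", "8f3a.locked", b"\x9c\x11\xe0\x07"),
    event(20, "updater.exe", "q2.xlsx", "77b1.locked", b"\x03\xfa\x42\x88"),
    event(30, "updater.exe", "plan.docx", "c0de.locked", b"\xd1\x5e\x00\x9b"),
    event(200, "editor.exe", "old.docx", "old.docx", b"\x00\x00\x00\x00"),
]

if __name__ == "__main__":
    for proc, ts in detect(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {THRESHOLD}+ documents lost their header by t={ts}s")
```

A normal save keeps the header and a single damaged file stays below the threshold, so only the burst from one process raises an alert.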

2. It’s not as new as you might think

While the above may sound as if it relies on the latest technology to implement, the concept is a little older. In fact, the first known example of ransomware, called the AIDS Trojan, occurred in 1989. Ransomware prototypes were developed soon afterwards, but it wasn’t until 2005 that the level of their deployment became serious.

3. Ransoms are demanded in digital currencies

Why 2005? The first serious piece of ransomware was GPCode, which exploited the anonymous nature of digital currencies to let the ransom holders get funds without being traced by the police. GPCode demanded its victims pay in e-gold and Liberty Reserve – both digital currencies – but it was the invention of bitcoin in 2009 that fuelled ransomware. Unlike digital currencies before it, bitcoin works independently of hard assets that are used to bolster its real-world value – thereby making transactions much less traceable and more anonymous. With that anonymity came the low risk that perpetrators would be caught.

“If the unthinkable happens and ransomware encrypts valuable data, you don’t want to be left with no choice but to send thousands of euros to a faceless adversary to get your files back”

Dermot Williams, managing director, Threatscape

Ward Solutions’ 2017 information security survey showed one fifth of Irish businesses were held to ransom by cyber criminals in the previous 12 months. Of those companies, 64% said the amount demanded by the cybercriminals was less than €1,000. Demanding a relatively small amount of money enables them to target organisations of all sizes, and to do so repeatedly.

4. Ransomware is on the rise

Not surprisingly, the fact that criminals can extort money with little expectation of being traced has meant the use of ransomware has grown. But you might be surprised by the rate of this growth. According to McAfee Labs Threat Report 2017, in the first quarter of 2015 there were fewer than 3 million attacks around the world. In the first quarter of 2017, there were nearly 10 million such attacks. Reports from some industry analysts indicate that incidents are multiplying at a rate of 50% per year – such a high rate that some estimates suggest ransomware attacks now account for a quarter of all cyber threats.

But not only is the number of attacks increasing, so is the sophistication. For instance, the latest versions encrypt the names of files as well as the data within, so even if you try to decrypt your important files, you’d first face the almost insurmountable task of identifying them. Other ransomware techniques involve threats to publish original files (possibly breaching a company’s intellectual property), and there are predictions that entire networks will soon become the focus.

5. You can protect yourself

While you might need expert help to implement a strategy that fully protects your company, you can take many precautionary steps in-house.

Establish passwords that only allow pre-approved staff to install software, and educate all staff not to open suspect emails, attachments or malicious links on the web. Dermot Williams, managing director of Threatscape, a Dublin-based IT security-solutions provider, says: “For businesses, a growing threat is fake emails sent to financial staff that pretend to be instructions from senior executives for payments to be made to suppliers.

“Companies should ensure their business processes never rely on a single email alone to initiate actions like this. Be extra-cautious if an email entices you to click on a link to a website, open an attached file or make changes to your computer settings.”

Install a firewall to prevent your staff from visiting known malicious domains and use web-filtering software that prevents dodgy programs entering your network. Ensure that whatever solution you choose is monitoring the health of your enterprise around the clock. Williams says: “Realise that you can never anticipate every attack and must therefore have a constant security-monitoring process, ideally 24/7, that will detect malicious or suspect activity on your systems and ensure an expert quickly investigates to see if further action is warranted.”

Back up and restore files locally using an ‘air-gapped’ system – storage that is not normally connected to your network. “If the unthinkable happens and ransomware somehow encrypts valuable data on one or more of your computers, you don’t want to be left with no choice but to send thousands of euros to a faceless adversary across the internet to get your files back,” says Williams.

“Much better to be able to wipe the computer, restore everything from a back-up and move on, having lost nothing but a bit of time.”